[原文链接] http://lizhao6210-126-com.iteye.com/blog/2175548
一,环境说明
操作系统:Red Hat Enterprise Linux Server release 7.0
all in one 安装
二,yum源
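# Install the RDO release package, which adds the OpenStack yum repository.
wget https://rdo.fedorapeople.org/rdo-release.rpm
rpm -ivh rdo-release.rpm
# The EPEL release package is fetched over plain HTTP, so the download itself
# is not authenticated; check its signature (rpm -K, with the EPEL GPG key
# imported) before installing it.
wget http://ftp.sjtu.edu.cn/fedora/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
# Install the file that was actually downloaded (7-5; the guide said 7-2 here).
rpm -ivh epel-release-7-5.noarch.rpm
# This .repo file is also fetched over HTTP and decides where yum pulls erlang
# from; review baseurl and gpgcheck in the editor before running yum.
wget -O /etc/yum.repos.d/epel-erlang.repo http://repos.fedorapeople.org/repos/peter/erlang/epel-erlang.repo
vi /etc/yum.repos.d/epel-erlang.repo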
[epel-erlang]
baseurl=https://repos.fedorapeople.org/repos/peter/erlang/epel-5/x86_64/
[epel-erlang-source]
baseurl=https://repos.fedorapeople.org/repos/peter/erlang/epel-5/SRPMS/
yum clean all;
yum makecache;
yum update;
三,准备
#默认安装完后会把rpm包删除,keepcache改为1,不会删除,方便以后确认版本
vi /etc/yum.conf
keepcache=1
vi /etc/hosts
127.0.0.1 rhel7
四,安装kvm libvirt,配置网络环境,graphics采用spice
yum install openssh-clients
yum install qemu-kvm
yum install libvirt
yum install tunctl
yum install spice-vdagent
#检查kvm是否安装成功
lsmod | grep kvm
#修改qemu配置
vi /etc/libvirt/qemu.conf
# Settings to place in /etc/libvirt/qemu.conf.
vnc_allow_host_audio = 1
cgroup_controllers = [ "cpu", "cpuacct", "devices", "memory" ]
# 0 = libvirt does not drop the emulator's privileged capabilities.
# NOTE(review): together with user/group = root below, every QEMU process
# runs as full root, so a guest that breaks out of the emulator lands as root
# on the host. Keep these three values only if the setup really needs them.
clear_emulator_capabilities=0
user = "root"
group = "root"
# Device nodes guests may open through the devices cgroup controller.
# /dev/net/tun is in the list, presumably for the tap device created later.
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun",
]
vi /etc/selinux/config
change the line "SELINUX=enforcing" to SELINUX=permissive
# Switch the running system to permissive now; the /etc/selinux/config edit
# above makes the same setting persistent across reboots.
# NOTE(review): in permissive mode SELinux only logs denials, so its
# confinement of QEMU guests is not enforced, and qemu.conf above already runs
# guests as root. The openstack-selinux package installed later in this guide
# ships policy meant to let the services run with SELinux enforcing.
setenforce permissive
# Start libvirtd at boot and restart it so the qemu.conf changes take effect.
systemctl enable libvirtd.service;
systemctl restart libvirtd.service;
#redhat7 默认没有ifconfig
yum install net-tools
#创建虚拟网卡
vi /root/tap.sh
tunctl -u root
brctl addif br0 tap0
ifconfig tap0 promisc up
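# rc.local runs this script as root at every boot, so only root needs access
# to it. Mode 777 would leave a root-executed boot script world-writable.
chmod 700 /root/tap.sh
# Run the tap setup at boot.
echo '/root/tap.sh' >> /etc/rc.local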
#改网卡
cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-br0
vi /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=manual
BRIDGE=br0
DEVICE=eth0
vi /etc/sysconfig/network-scripts/ifcfg-br0
NAME=br0
TYPE=Bridge
DEVICE=br0
# Open every TCP port (1-65535) on the INPUT chain.
# NOTE(review): this exposes every listener set up in this guide to the
# network, including MariaDB (bind-address = 0.0.0.0, remote root grant) and
# RabbitMQ. The ports the guide itself uses from outside are 80 (dashboard),
# 5000/35357 (keystone), 9292 (glance), 8774 (nova), 9696 (neutron) and
# 6080/6082 (console proxies); accepting only those keeps the database and
# message queue off the network.
# The rule is inserted at runtime only and is not saved, so it presumably does
# not survive the reboot that follows; confirm.
iptables -I INPUT -p tcp -m multiport --dports 1:65535 -j ACCEPT
#重启
reboot
五,安装ntp、rabbitmq服务
yum install ntp
vi /etc/ntp.conf
server rhel7 iburst
systemctl enable ntpd.service
systemctl restart ntpd.service
yum install yum-plugin-priorities
yum install openstack-selinux
#rabbitmq依赖
yum install erlang
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
# The password change may fail; if it does, try
# systemctl stop rabbitmq-server.service followed by
# systemctl start rabbitmq-server.service, then run it again.
# NOTE(review): guest is RabbitMQ's built-in default account, and the service
# configs later in this guide set only rabbit_password, so they presumably log
# in as guest. 123456 is the string this guide uses for every credential; use
# a unique random value here and put the same value in rabbit_password.
rabbitmqctl change_password guest 123456
六,安装mysql
yum install mariadb mariadb-server MySQL-python
vi /etc/my.cnf
[mysqld]
key_buffer_size = 16M
# 0.0.0.0 makes MariaDB listen on every IPv4 interface.
# NOTE(review): every connection string in this guide points at rhel7, which
# /etc/hosts maps to 127.0.0.1, so on this all-in-one host a loopback bind
# address would presumably be enough; confirm before exposing the database.
bind-address = 0.0.0.0
default-storage-engine = innodb
# Use UTF-8 for server-side text and for each new client connection.
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
systemctl enable mariadb.service;
systemctl start mariadb.service;
mysql_secure_installation
#设置允许远程访问
mysql -u root -p
-- Give root every privilege (including the right to grant) for local logins
-- and set its password.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY '123456' WITH GRANT OPTION;
-- NOTE(review): 'root'@'%' lets the database superuser log in from any host.
-- With bind-address = 0.0.0.0 and the firewall rule that opens all TCP ports
-- in this guide, that account is reachable over the network, and this grant
-- undoes the "disallow remote root login" choice offered by
-- mysql_secure_installation in the previous step. The per-service accounts
-- created later (keystone, glance, nova, neutron) do not need it.
-- 123456 is the string this guide uses for every password; use a unique one.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;
FLUSH PRIVILEGES;
七,安装 Identity service(keystone)
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
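# Generate a random value to use as keystone's admin_token: 10 random bytes
# printed as 20 hex characters, matching the sample output below.
# (The guide had "-hex 123456" here, which asks for 123456 bytes.)
openssl rand -hex 10
# Sample output; generate a fresh value rather than reusing a published one:
# ee0341733ea29917c41c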
yum install openstack-keystone python-keystoneclient
vi /etc/keystone/keystone.conf
[DEFAULT]
# Bootstrap shared secret: the OS_SERVICE_TOKEN export later in this guide
# presents this value to create the first tenants, users and endpoints.
# NOTE(review): "admin" is guessable. Use a random value here (for example
# the output of the openssl rand step above) and export the same value as
# OS_SERVICE_TOKEN. Once the admin user exists the token is no longer needed.
admin_token = admin
verbose = True
log_dir = /var/log/keystone
[database]
# The database password is embedded in this URL in clear text, so keep the
# file readable only by the keystone user and root.
connection = mysql://keystone:123456@rhel7/keystone
[token]
# UUID tokens, persisted in the SQL backend.
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone;
chown -R keystone:keystone /var/log/keystone;
chown -R keystone:keystone /etc/keystone/ssl;
chmod -R o-rwx /etc/keystone/ssl;
su -s /bin/sh -c "keystone-manage db_sync" keystone
systemctl enable openstack-keystone.service
systemctl restart openstack-keystone.service
export OS_SERVICE_TOKEN=admin;
export OS_SERVICE_ENDPOINT=http://rhel7:35357/v2.0;
keystone tenant-create --name admin;
keystone user-create --name admin --pass 123456;
keystone role-create --name admin;
keystone user-role-add --tenant admin --user admin --role admin;
keystone role-create --name _member_;
keystone user-role-add --tenant admin --user admin --role _member_;
keystone tenant-create --name demo --description "Demo Tenant";
keystone user-create --name demo --pass 123456;
keystone user-role-add --tenant demo --user demo --role _member_;
keystone tenant-create --name service --description "Service Tenant";
keystone service-create --name keystone --type identity --description "OpenStack Identity";
keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://rhel7:5000/v2.0 --internalurl http://rhel7:5000/v2.0 --adminurl http://rhel7:35357/v2.0 --region regionOne
# Stop using the bootstrap token now that a real admin user exists.
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT;
# Authenticate as the admin user from here on.
# NOTE(review): a later step runs `source admin-openrc.sh`, but the guide does
# not show that file being created; presumably it holds these four exports.
# If they are saved to a file, make it readable by its owner only, because it
# contains the admin password in clear text.
export OS_USERNAME=admin;
export OS_PASSWORD=123456;
export OS_TENANT_NAME=admin;
# Plain http: the password above travels unencrypted to keystone.
export OS_AUTH_URL=http://rhel7:35357/v2.0;
#验证
keystone user-list
八,安装Image service(glance)
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
source admin-openrc.sh
keystone user-create --name glance --pass 123456;
keystone user-role-add --user glance --tenant service --role admin;
keystone service-create --name glance --type image --description "OpenStack Image Service";
keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') --publicurl http://rhel7:9292 --internalurl http://rhel7:9292 --adminurl http://rhel7:9292 --region regionOne;
yum install openstack-glance python-glanceclient
vi /etc/glance/glance-api.conf
[database]
connection = mysql://glance:123456@rhel7/glance
[keystone_authtoken]
auth_uri = http://rhel7:5000/v2.0
identity_uri = http://rhel7:35357
admin_tenant_name = service
admin_user = glance
admin_password = 123456
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
verbose = True
vi /etc/glance/glance-registry.conf
[database]
connection = mysql://glance:123456@rhel7/glance
[keystone_authtoken]
auth_uri = http://rhel7:5000/v2.0
identity_uri = http://rhel7:35357
admin_tenant_name = service
admin_user = glance
admin_password = 123456
[paste_deploy]
flavor = keystone
[DEFAULT]
verbose = True
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
#验证
glance image-list
glance image-create --name "CentOS64" --file /data/CentOS64.qcow2 --disk-format qcow2 --container-format bare --is-public True --progress
九,安装Compute service
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
keystone user-create --name nova --pass 123456;
keystone user-role-add --user nova --tenant service --role admin;
keystone service-create --name nova --type compute --description "OpenStack Compute";
keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://rhel7:8774/v2/%\(tenant_id\)s --internalurl http://rhel7:8774/v2/%\(tenant_id\)s --adminurl http://rhel7:8774/v2/%\(tenant_id\)s --region regionOne
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
vi /etc/nova/nova.conf
#注意[database] 放在[conductor]下面,不能放在开头或者结尾
[database]
connection = mysql://nova:123456@rhel7/nova
[DEFAULT]
rpc_backend = rabbit
rabbit_host = rhel7
rabbit_password = 123456
auth_strategy = keystone
my_ip = 172.26.22.109
vncserver_listen = 172.26.22.109
vncserver_proxyclient_address = 172.26.22.109
verbose = True
[keystone_authtoken]
auth_uri = http://rhel7:5000/v2.0
identity_uri = http://rhel7:35357
admin_tenant_name = service
admin_user = nova
admin_password = 123456
[glance]
host = rhel7
su -s /bin/sh -c "nova-manage db sync" nova
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
#验证
nova list
十,安装计算节点compute node
yum install openstack-nova-compute sysfsutils
vi /etc/nova/nova.conf
[DEFAULT]
vnc_enabled = True
# 0.0.0.0 makes each guest's VNC server listen on every interface of the
# compute host.
# NOTE(review): with the firewall rule in this guide that accepts all TCP
# ports, guest consoles are reachable directly, bypassing the noVNC proxy and
# its token check. On this all-in-one host, listening on the address the proxy
# uses (vncserver_proxyclient_address) would presumably be enough; confirm.
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 172.26.22.109
# URL handed to users for the browser console; it is plain http.
novncproxy_base_url = http://rhel7:6080/vnc_auto.html
egrep -c '(vmx|svm)' /proc/cpuinfo
若结果为0
vi /etc/nova/nova.conf
virt_type = qemu
若结果大于0
vi /etc/nova/nova.conf
virt_type = kvm
systemctl enable libvirtd.service openstack-nova-compute.service;
systemctl restart libvirtd.service;
systemctl restart openstack-nova-compute.service;
Verify operation
nova service-list
十一,安装network server (neutron)
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
keystone user-create --name neutron --pass 123456;
keystone user-role-add --user neutron --tenant service --role admin;
keystone service-create --name neutron --type network --description "OpenStack Networking";
keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://rhel7:9696 --adminurl http://rhel7:9696 --internalurl http://rhel7:9696 --region regionOne
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which
keystone tenant-get service
vi /etc/neutron/neutron.conf
[database]
connection = mysql://neutron:123456@rhel7/neutron
[DEFAULT]
auth_strategy = keystone
rpc_backend=neutron.openstack.common.rpc.impl_kombu
rabbit_host=172.26.22.109
rabbit_password=123456
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://172.26.22.109:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = adf8c51b227b47548551dd00c89a743a
nova_admin_password = 123456
nova_admin_auth_url = http://172.26.22.109:35357/v2.0
nova_region_name = regionOne
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[keystone_authtoken]
# Keystone is addressed over plain http on 172.26.22.109, so the service
# password and the tokens being validated cross that network unencrypted.
auth_uri=http://172.26.22.109:5000
auth_host=172.26.22.109
auth_port=35357
auth_protocol=http
admin_tenant_name=service
# NOTE(review): this is neutron.conf, yet the service account is nova, while
# the account created for this service earlier in the guide is neutron;
# presumably a copy/paste slip. Confirm which account is meant.
admin_user=nova
admin_password=123456
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
vi /etc/nova/nova.conf
# Network service: hand networking and security groups over to neutron.
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://172.26.22.109:9696
neutron_auth_strategy = keystone
# Credentials nova uses when it calls neutron (the neutron service account).
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = 123456
neutron_admin_auth_url = http://172.26.22.109:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# NoopFirewallDriver switches off nova's own packet filtering. Instance
# traffic is then filtered only by neutron security groups, that is, by
# enable_security_group = True and the OVSHybridIptablesFirewallDriver set in
# ml2_conf.ini. If either is missing on the neutron side, instances run with
# no filtering at all.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
systemctl enable neutron-server.service;
systemctl start neutron-server.service;
Verify operation
neutron ext-list
十二,安装network node
vi /etc/sysctl.conf
# Let the kernel forward IPv4 packets between interfaces; presumably needed
# here because this host routes traffic for the tenant networks.
net.ipv4.ip_forward=1
# 0 turns reverse-path filtering (the kernel's source-address validation) off
# on all current and future interfaces.
# NOTE(review): with rp_filter off the host no longer drops packets whose
# source address is not reachable through the interface they arrived on, so
# anti-spoofing has to come from the neutron security groups and the firewall.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
---注释掉/etc/neutron/neutron.conf中 [service_providers]所有有效的部分
vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
# Keystone endpoint and the service account the metadata agent logs in with.
auth_url = http://172.26.22.109:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = 123456
nova_metadata_ip = 172.26.22.109
# Secret shared between the metadata agent and nova. It must equal
# neutron_metadata_proxy_shared_secret in nova.conf, which this guide sets to
# the same string.
# NOTE(review): 123456 is guessable; use a random value in both files.
metadata_proxy_shared_secret = 123456
vi /etc/nova/nova.conf
[DEFAULT]
#metadata
service_neutron_metadata_proxy = true
neutron_metadata_proxy_shared_secret = 123456
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ovs]
local_ip = 172.26.22.109
tunnel_type = gre
enable_tunneling = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
systemctl restart openstack-nova-api.service
systemctl enable openvswitch.service;
systemctl start openvswitch.service;
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Verify operation
neutron agent-list
十三,安装dashboard
yum install openstack-dashboard httpd mod_wsgi memcached python-memcached
vi /etc/openstack-dashboard/local_settings
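#OPENSTACK_HOST = "controller"
# '*' makes Django accept any Host header, which switches off its Host-header
# validation. Where the dashboard's hostname or IP is known, list that
# instead of the wildcard.
ALLOWED_HOSTS = ['*']
# Cache backend: memcached on the local host. The backend path has to be one
# string literal; it had been split across two lines, which is a syntax error.
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}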
setsebool -P httpd_can_network_connect on
chown -R apache:apache /usr/share/openstack-dashboard/static
systemctl enable httpd.service memcached.service;
systemctl start httpd.service memcached.service;
Verify operation
http://172.26.83.109/dashboard
十四,测试安装结果(Launch an instance)
#创建镜像
glance image-create --name "vm1" --file /home/linux-microcore-3.8.2.qcow2 --disk-format qcow2 --container-format bare --is-public True --progress
# Add the Open vSwitch bridges br-int (integration) and br-ex (external).
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
# Attach the NIC that carries the external-network (gateway) address to br-ex.
# NOTE(review): the original comment names eth2 but the command attaches eth1;
# confirm which interface faces the external network before running this.
ovs-vsctl add-port br-ex eth1
#重启网络服务使配置生效
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service;
#创建外网
neutron net-create ext-net --shared --router:external=True
#neutron subnet-create ext-net --name ext-subnet --allocation-pool start=192.168.100.101,end=192.168.100.200 --disable-dhcp --gateway 192.168.100.1 192.168.100.0/24
#neutron subnet-create ext-net --name ext-subnet --allocation-pool start=182.26.18.2,end=182.26.18.253 --disable-dhcp --gateway 182.26.18.1 182.26.18.0/24
#创建内网
neutron net-create int-net
neutron subnet-create int-net --name int-subnet --dns-nameserver 202.99.96.68 --gateway 192.168.1.254 192.168.1.0/24
#创建路由,并且连接到外部网络
neutron router-create router1
neutron router-interface-add router1 int-subnet
#neutron router-gateway-set router1 ext-net
#创建虚拟机
neutron net-list | awk '/ int-net / { print $2 }'
nova flavor-list
nova image-list
nova boot --flavor m1.small --image CentOS64 --nic net-id=486c5a56-4079-4c56-b225-fdc4a412895a --security-group default instance1
nova boot --flavor 17c03b75-69d8-4ca0-ac4c-c7e37c8c5297 --image CentOS64 --nic net-id=46e1aeec-e084-49d8-b8e9-bec3293d7475 --security-group default instance1
#查看虚拟机
nova list
十五,spice支持
yum install openstack-nova-spicehtml5proxy
rpm -ivh spice-html5-0.1.5-1.el6.noarch.rpm
vi /etc/nova/nova.conf
[DEFAULT]
# Turn the VNC console off in favour of SPICE.
vnc_enabled = False
[spice]
agent_enabled = True
# NOTE(review): enabled = False while this section sets SPICE up and VNC is
# switched off above; presumably this should be True. Confirm.
enabled = False
# NOTE(review): this URL uses 172.26.83.109 while the other addresses in this
# file use 172.26.22.109; confirm which one clients should reach. It is also
# plain http.
html5proxy_base_url = http://172.26.83.109:6082/spice_auto.html
keymap = en-us
# 0.0.0.0 makes each guest's SPICE server listen on every interface of the
# compute host. With the firewall rule in this guide that accepts all TCP
# ports, consoles are reachable directly rather than only through the html5
# proxy; listening on server_proxyclient_address alone would presumably do.
server_listen = 0.0.0.0
server_proxyclient_address = 172.26.22.109
systemctl enable openstack-nova-spicehtml5proxy.service;
systemctl restart openstack-nova-spicehtml5proxy.service;
systemctl restart httpd.service memcached.service
systemctl stop openstack-nova-novncproxy.service;
systemctl restart openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-compute.service;
yum install -y spice-server spice-protocol
systemctl disable openstack-nova-novncproxy.service;
systemctl stop openstack-nova-novncproxy.service;